Privacy Statement

This statement relates to our privacy practices in connection with this website.

We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identifiable as such. Some technical terms used in this statement are explained at the end of this page.

General statement

Crosscare fully respects your right to privacy, and will not collect or publish any personal information about you through this website without your clear permission. Any personal information which you volunteer to Crosscare will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts, 1988 - 2003.

Collection and use of personal information

Crosscare does not collect any personal data about you on this website, apart from information which you volunteer (for example by e-mailing us or by using our online feedback form). Any information which you provide in this way is not made available to any third parties, and is used by Crosscare only in line with the purpose for which you provided it.

Collection and use of technical information

Crosscare will make no attempt to identify individual visitors, or to associate technical details with any individual. It is the policy of Crosscare never to disclose such technical information in respect of individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law. The technical information will be used only by Crosscare, and only for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, do not constitute "personal data" for the purposes of the Data Protection Acts, 1988 – 2003.

Complaints about data processed via the website

If you are concerned about how personal data is processed via this website, please do not hesitate to bring such concerns to Crosscare by contacting us by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. .

Third Party Websites

This privacy statement does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website to which this website contains a link. The inclusion of a link on the website does not imply endorsement of the linked website by us.

Additionally, we may provide you with access to third-party functionality that permits you to post content to your social media account(s). Please note that any information that you provide through use of this functionality is governed by the applicable third party’s privacy policy, and not by this privacy policy, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Introduction

Crosscare has an ethical responsibility to maintain the highest standards of confidentiality in the safeguarding of information about its staff members, volunteers and service users.  

Information collection is essential to us fulfilling our duties.  Data Protection legislation seeks to give people control of their own personal information and so it confers certain obligations on Crosscare in relation to how personal information is collected and used.

The legislation was originally introduced to protect individual’s personal information from misuse by automated means.  This has since been extended to include processing of manual data.

The Data Protection Acts of 1988 and 2003 have a significant role to play in supporting our work.  The aim of this policy is to ensure that each Crosscare staff member has an understanding of the concepts of Data Protection and is aware of their own responsibilities in relation to the organisation’s overall compliance with the Acts.

Definitions

Data Protection is the safeguarding of the rights of individuals to privacy and integrity in relation to the processing of their personal data.  The Data Protection Acts of 1988 & 2003 confer rights on individuals as well as responsibilities on those persons handling, processing, managing and controlling personal data.

Data Controller – an individual or entity who controls the contents and use of personal data.

Data Protection Officer - the individual within an organisation who has responsibility for data protection. 

Data means information in any form, which can be processed.  It includes both automated or electronic data and manual data.

Automated data means any information created and held on computers.  Examples of this would be a word document, an email or a database.

Manual Data means information that is kept as part of a relevant filing system or with the intention that it should form part of a relevant filing system.  Examples of these are traditional paper files, reports and statements as well as personnel and financial records which are used as part of our daily operational duties.

Relevant filing systems means any sets of information, which are not computerised but are structured by reference to individuals or by reference to criteria relating to individuals so that specific information relating to a particular individual is readily accessible.  Examples of these would be files which contain information about an individual such as personal files in HR.

Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in or likely to come into the possession of the Data Controller.

Access Request is where a person makes a request to the for a copy of their personal data under Section 4 of the Acts.

Sensitive personal data relates to specific categories of data which are identified as data relating to a person’s racial origin; political opinions; religious or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence; membership of a trade union.  Examples of these are files or entries containing details of allegations, prosecutions or convictions with regard to an individual.  A higher duty of care is required by the Data Protection Acts in relation to the processing of sensitive data.

Processing means performing any operation or set of operations on data including:

  • •Obtaining, recording or keeping data;
  • •Collecting, organising, storing, altering or adapting data;
  • •Retrieving, consulting or using data;
  • •Disclosing the data by transmitting, disseminating or otherwise making it available;
  • •Aligning, combining, blocking, erasing or destroying data.

Data Subject is an individual who is the subject of personal data.

Data Processor is a person who processes personal information on behalf of the Data Controller.

Data Protection Rules

The following are the eight Rules Data Protection, which must be adhered to at all times.

Rule 1.  Obtain and process information fairly

Crosscare will obtain and process personal data fairly and in accordance with the fulfillment of its functions. The Data Subject must be made aware of the following;

  • •The identity of the Data Controller
  • •The purpose in collecting the data
  • •The persons or categories of persons to whom the data may be disclosed and
  • •Any other information which is necessary so that processing may be fair.

To fairly process personal data it must have been fairly obtained in line with the above, the data subject must have given consent to the processing, or the processing must be necessary for one or more of the following reasons and any one or more will apply to the performance of our function:-

  • •To prevent injury or other damage to the health of the data subject
  • •To prevent serious loss or damage to property of the data subject
  • •To protect the vital interests of the data subject
  • •Where the seeking of the consent of the data subject is likely to result in those interests being damaged               

There will be circumstances when the purpose of information or data to be used is obvious.  On other occasions it may be necessary to provide an explanation.  

Rule 2.                  Keep it for only one or more specified, explicit and lawful purposes

  • •Crosscare will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
  • •A person has the right to question the purpose for which Crosscare holds his/her data and Crosscare must be able to identify that purpose.

Crossscare holds information for a variety of purposes.  Much of this information is held for administrative and functional purposes.  Personnel files of all staff members including financial details are kept.  All such information must be obtained and processed in compliance with the Acts. 

Rule 3.  Use and disclose it only in ways compatible with these purposes.

Crosscare will only disclose personal data that is necessary for the purpose(s) or compatible with the purpose(s) for which it collects and keeps the data.  Disclosure in the context of data protection is the provision of personal data to a third party by any means whether written, verbally or electronically.

The Act places serious responsibility on every employee not to disclose data in relation to any individual to any other individual who is not entitled by law to receive it.  Personal data is used within Crosscare in the normal course of operational functions. Any use or disclosure must be necessary for the purpose(s) or compatible with the purpose(s) for which the data is collected and kept.  An employee making a disclosure should consider whether the data subject would be surprised to learn that a particular disclosure is taking place. If the potential answer to this question is yes then there is a need to question the basis for the disclosure prior to making it.

In all cases the identity of the recipient of the disclosure should be established along with the specific purpose of the disclosure and the legal basis/power to disclose the relevant data.  A record of all disclosures should be maintained.  In cases where there is any doubt as to disclosure, or the status of the data concerned, a file should be submitted to the Data Protection Officer for directions.

Examples of legitimate disclosures are;

  • •Statements or information issued to the media which are managed in conjunction with Crosscare’s Communications officer
  • •Information provided to the Pension Fund Managers regarding new employees who are entitled to join the scheme

Examples of illegitimate disclosures are;

  • •Accessing or Disclosing Personal data for any purpose other than that for which it is obtained is prohibited. 
  • •Examples of this would be an employee accessing and or disclosing personal home details of a colleague to a member of the public without their consent
  • •Accessing and or disclosing details of any person’s criminal convictions to a party not entitled to receive them

 

Rule 4.  Keep it safe and secure.

Crosscare will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction.  Crosscare is aware that high standards of security are essential for all personal information.

Appropriate security measures must be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction.  The security of personal information is all important, but the key word here is appropriate, in that it is more significant in some situations than in others, depending on such matters as confidentiality and sensitivity and the harm which might result from an unauthorised disclosure.  High standards of security are, nevertheless, essential for all personal information.  The nature of security used may take into account what is available, the cost of implementation and the sensitivity of the data in question. 

The standard of security expected of all staff members in Crosscare includes the following;

  • •Computer systems password protected
  • •Access to information restricted to authorised staff on a “need to know” basis in accordance with a defined policy
  • •Information on computer screens and manual files hidden from callers to offices
  • •Back-up procedures in operation for computer held data, including off-site back-up
  • •All waste papers, printouts etc disposed of carefully by shredding
  • •All employees must log off all computers on each occasion when they leave their work station
  • •Personal security passwords must not be disclosed to any other employees
  • •All premises must be secure when unoccupied

Each Crosscare Senior Service Manager will be responsible for all the above within Crosscare with periodic reviews of the measures and practices in place

Every contact on the computer systems leaves a trace and each staff member should be acutely aware that all activity under their password is recorded.  During an Audit or Investigation procedure they may be asked to account for the reasons they accessed a particular individual’s data at any given time and what they did with it afterwards.  Crosscare will ensure that appropriate data protection and confidentiality clauses are in place with any processors of personal information on its behalf.

 Rule 5.  Keep it accurate, complete and up-to-date.

Crosscare will ensure high levels of data accuracy.  Crosscare will keep personal data up-to-date.  Crosscare will put in place appropriate procedures to assist staff in keeping data up-to-date.

To comply with this rule Crosscare will ensure that: -

  • •Administration and computer procedures are adequate to ensure high levels of data accuracy
  • •The general requirement to keep personal data up to date has been fully implemented
  • •Appropriate procedures are in place, including periodic review and audit, to ensure that each data item is kept up to date

Section 6 of the Acts gives a person the right to seek to have personal data amended or erased where it can be shown to be incorrect.

Rule 6. Ensure that it is adequate, relevant and not excessive.

Personal data held by Crosscare will be adequate, relevant and not excessive in relation to the

purpose(s) for which it is kept.

A staff member of Crosscare can fulfill this requirement by making sure they only seek and retain the minimum amount of personal data needed for the specified purpose.

To comply with this rule each employee should ensure that the information held is:

  • Adequate in relation to the purpose(s) for which it is kept;
  • Relevant in relation to the purpose(s) for which it is kept;
  • Not excessive in relation to the purpose(s) for which it is kept;
  • Retain it for no longer than is necessary for the purpose or purposes.       

Rule 7. Crosscare will have a policy on retention periods for personal data. 

This requirement places a responsibility on Crosscare to be clear about the length of time data will be kept and the reason why the information is being retained.  To meet this requirement,  Crosscare will ensure that all files are managed and appropriate Retention/Disposition schedules are in place.

For the purpose of retention, Data will be categorised into current files, non-current files and archives.  Crosscare’s archive files are stored in and are under the management of the Dublin Diocesan Archives office.

Rule 8. Give a copy of his/her personal data to that individual, on request.

Crosscare will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection Acts.

On making an access request any individual, about whom Crosscare keeps personal data, is entitled to;

  • •A copy of the data being kept about him/her
  • •Know the purpose(s) for processing his/her data
  • •Know the identity of those to whom the organisation discloses the data
  • •Know the source of the data
  • •Know the logic involved in automated systems
  • •A copy of the any data held in the form of opinions, except where such opinions were given in confidence.

Crosscare has clear coordinated procedures in place to ensure that all relevant manual files and computers are checked for the data in respect of which the access request is made.

To make an access request the data subject must;

  • •Apply to Crosscare for access to their personal data Section 4 of the Data Protection Acts 1988 & 2003
  • •Give any details which might be needed to help identify him/her and locate all the information you may keep about him/her e.g. previous addresses, dates of employment etc
  • •Pay the appropriate access fee €6.35

Every individual about whom a Data Controller keeps personal information has a number of rights under the Act, in addition to the right of access.  These include the right to have any inaccurate information rectified or erased and the right to complain to the Data Protection Commissioner.  In response to an access request Crosscare must;

  • •Supply the information to the individual promptly and within 40 days of receiving the request
  • •Provide the information in a form which is clear to the ordinary person, e.g. codes must be explained in ordinary language
  • •Where an access request is refused, the reasons for the refusal of the request must be clearly outlined to the Data Subject.

Method of application requests for personal data should be made in writing on the prescribed form to the: -       

            Conor Hickey

Data Protection Officer,

            Crosscare,

            Clonliffe Road,

            Dublin 3.

Responding to requests once a valid request is received.

Crosscare must respond within 40 days, even if the personal data is not held or an exemption is relied upon.

Roles and Responsibilities

Crosscare Senior Managers (CSMs)

Crosscare’s management structure comprises of a senior management team. There are six senior service managers and a Director of HR and Director of Finance. Collectively these managers are known as Crosscare Senior managers (CSMs) and there are responsible for each of the units under their span of control.

The CSMs are responsible for implementation of the Data Protection policy with advice and support from the Data Protection Officer.

The CSMs are responsible for: -

  • •Keeping personal data up to date as required.
  • •Retaining personal data no longer than necessary.
  • •Day to day security of the office environment (manual and automated records).
  • •Methods of handling personal information are clearly described and documented.
  • •All staff handling personal information are appropriately trained to do so.
  • •All staff handling personal information are appropriately supervised.
  • •Performance with handling personal information is regularly assessed and reviewed.
  • •The Data Protection Officer is kept informed of manual and automated systems storing and/or processing personal information.
  • •Continuous assessment of the need for all current personal information storage and processing and elimination of any that is not necessary.

Data Protection Officer

The responsibility for support and guidance of CSM’s in relation to compliance with Data Protection legislation lies with the Data Protection Officer.

This involves;

  • •Co-ordination of data protection within all Crosscare projects;
  • •Ensuring that reporting lines exist to allow other employees to raise matters relating to Data Protection at a senior level;
  • •Managing the organisation’s statutory obligations in respect of Data Protection Acts including compliance with the Data Protection principles, registration with the Data Protection Commissioner where applicable and securing individuals rights under the Acts;
  • •Maintaining an  up to date knowledge of Data Protection legislation and general developments in other relevant areas and to ensure that this Code of Practice is disseminated and adhered to throughout the offices
  • •Promoting data protection awareness through training, policy development, advice and guidance; 
  • •Ensuring that operating rules and general policy guidance in support of this Code of Practice and all matters relating to the Acts are available to staff
  • •Ensuring that CSMs are aware of the information and systems required to comply with the Data Protection principles and that appropriate security arrangements exist to protect data, including where necessary, that suitable contracts are drawn up relating to the processing of data held for Crosscare by third parties;
  • •To provide an initial point of contact for subject access requests.
  • •To advise CSMs on when active consent is required from people interacting with Crosscare staff members for data collection/processing;
  • •Investigation and resolution of complaints made in relation to personal data and to assist where appropriate in the investigation of disciplinary matters;
  • •Ensure that CSMs are appropriately advised that contracts with partners include strict quality, security and data protection compliance mechanisms and agreed inspection procedures;
  • •Providing for liaison on all data protection matters between Crosscare and the Data Protection Commissioner.
  • •The Data Protection Officer will conduct examinations and reviews of Data Protection procedures as part of their on-going examination and review process.

Staff Members

  • •Crosscare Staff members are responsible for ensuring that all data that they access, manage and control as part of their daily duties is done in accordance with the Data Protection Acts and this Policy.
  • •Ensure their personal information provided to Crosscare is accurate and up-to-date; inform  Crosscare of change of address or other circumstances.
  • •Ensure that third parties are aware of this policy and that they take appropriate measures to protect any personal data.  Non-disclosures agreements form part of every contract if they are subject to personal data.
  • •Ensure that personal data is factual, accurate and objective. 
  • •Work on the basis that access by staff to personal information will be audited for compliance with the law and internal policies.
  • •Hold personal data securely e.g. using locked cabinets and desk drawers.
  • •Failure to comply with this policy may result in a breach of the Data Protection Acts1988 & 2003.  Furthermore such staff members may be exposing themselves and Crosscare to litigation from an injured party.
  • •All current and former staff members of Crosscare will be held accountable, from a disciplinary perspective, in relation to all data processed, managed and controlled by them during the performance of their duties in Crosscare. 

Failure to follow these guidelines may be regarded as a breach of this policy and may be subject to disciplinary action up to and including dismissal.

Enforcement of Data Protection Legislation

Data Protection Commissioner

The Act establishes the independent office of the Data Protection Commissioner.  The Commissioner is appointed by the Government and is independent in the performance of his functions.  The Commissioner’s function is to ensure that those who keep personal data in respect of individuals comply with the provisions of the Data Protection Acts.  In furtherance of this function, the Data Protection Commissioner will also have responsibility for monitoring the implementation of this Policy.

The Data Protection Commissioner has a wide range of enforcement powers to assist him in ensuring that the principles of Data Protection are being observed.  These powers include the serving of legal notices compelling a data controller to provide information needed to assist his enquiries, or compelling a data controller to implement provisions of the Act.

The Data Protection Commissioner also investigates complaints made by the general public in relation to personal data and has wide powers in this area.  He can, for example, authorise officers to enter a premises and to inspect personal information kept on computer or relevant filing system.  Members of the public who wish to make formal complaints in respect of breaches of the Data Protection Acts may do so in writing to the office of The Data Protection Commissioner, Station Road, Portarlington, Co. Laois.  Further information is available at www.dataprotection.ie.

Any member of the public who reports breaches of the Data Protection Acts by Crosscare to individual staff members must report the matter to the Data Protection Officer.     

Where Crosscare a staff member, in the normal course of their duties, becomes aware that an individual, including staff members of Crosscare, may be breaching the Acts or have committed or are committing an offence under the Acts, they should report the matter through normal communication channels to their CSM and/or the Data Protection Officer.

Advice/Assistance

All people requesting advice and assistance on data protection issues within Crosscare should be directed to our Data Protection Officer, Conor Hickey

Useful numbers:  01 8360011

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

The Data Protection Commissioner

Tel.  1890 252231

www.dataprotection.ie

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Appendix 1

 

Subject Access Request Form

 

 

Data Subject Request Form

  1. 1.Name & Address
 
 
 
  1. 2.Tel. No.
 
  1. 3.Email
 
  1. 4.Is the information about you?  If yes, you will need to provide a copy of photographic ID, bearing your signature, for example, a passport or driving
  1. 5.Please describe what information you require with any additional facts that may help us with the search.
 
 
 
 
 
  1. 6.Declaration to be completed by all applicants.

I, _______________________________________ (name), certify that the information given on this application to Crosscare is correct.  I understand that it is necessary for Crosscare to confirm my identity and it may be necessary to obtain more detailed information in order to locate the correct personal data.

Signed ______________________________                 Date ________________

Note: Crosscare must respond to your request within 40 days.  This time frame will not begin until your identity has been established and any relevant details obtained.

Please return the completed form and any necessary documentation to the Data Protection Officer, Crosscare,  Holy Cross College, Clonliffe Road, Dublin 3.

Documents which must accompany this application include evidence of identity; and stamped address envelope for return of the above mentioned documents.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Crosscare will process the personal information included on this form in accordance with the Data Protection Acts.  The information will only be used in order to process your request, will only be shared with those who can provide the information required and will be retained no longer than is necessary.

 

 

 

 

 

 

 

Data Subject Request Form – Third Party

  1. 1.Name & Address
 
 
 
  1. 2.Tel. No.
 
  1. 3.Email
 
  1. 4.If you are acting on behalf of another individual you will need to provide a letter from that person authorising you to act on their behalf.
  1. 5.Details of the individual whose information is being sought

Name & Address

 
 
 

Tel. No.

 

Email

 
  1. 6.Why have you been authorised to access this information?
 
 
 
  1. 7.Please describe what information you require with any additional facts that may help us with the search.
 
 
 
 
 
  1. 8.Declaration to be completed by all applicants.

I, _______________________________________ (name), certify that the information given on this application to Crosscare is correct.  I understand that it is necessary for Crosscare to confirm my identity and that of the person I am authorised to represent and it may be necessary to obtain more detailed information in order to locate the correct personal data.

Signed ______________________________                 Date ________________

Note:Crosscare must respond to your request within 40 days.  This time frame will not begin until your identity has been established and any relevant details obtained.

Please return the completed form and any necessary documentation to the Data Protection Officer, Crosscare, Holy Cross College, Clonliffe Road, Dublin 3.

Documents which must accompany this application include evidence of identity; evidence of data subject’s identity, authorisation from data subject to act on their behalf and stamped address envelope for return of the above mentioned documents.

 

 

 

 

 

Crosscare will process the personal information included on this form in accordance with the Data Protection Acts.  The information will only be used in order to process your request, will only be shared with those who can provide the information required and will be retained no longer than is necessary.

 

 

 


Appendix 2

Access Request from Staff Members to HR

Subject Access Request in relation to Personnel files

 

1. Requests for access to your own personal file should be addressed, in writing, to the Director of Human Resources. E-mails will be accepted.

 

2. The statutory period for dealing with requests is 40 days; however wherever possible HR will try to make the file available within 10 working days of receipt of any request. If you can demonstrate an urgent need requiring a quicker response, HR will treat this sympathetically. The €6.35 fee will be waived for current staff.

 

3. HR will arrange an appointment with the individual to view his/her file, if preferred. Files may only be viewed within HR, and under the supervision of a member of the Department.

 

4. Otherwise, HR will provide photocopies of documents on the file as requested by the individual.

 

5. If a member of staff wishes someone else to view the file on their behalf, or to accompany them when they view the file, they must confirm this in writing to the Director of Human Resources in advance. The authorisation must be for a named person, i.e. ‘a union rep’ will not be sufficient, the name of the individual must be given. Again, e-mail authorisation will be accepted.

 

7. A representative from HR will arrange a meeting with the subject for them to examine their file. If the person is not known to HR, their identification will be checked to see that they are who they say they are. HR can provide copies of information kept on the file on request at that meeting.

 

8. Former members of staff who wish to apply for subject access are expected to follow the standard procedures set out in section. HR reserves the right to impose the standard €6.35 fee in this case.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

APPENDIX 3

FREQUENTLY ASKED QUESTIONS

 

What is the Data Protection Act about?

The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 requires that any organisation that collects or holds information about living people does so in a way that is fair to that person. It sets out eight rules for the processing of personal data which organisations must adhere to. The Act also gives individuals the right of access to their own information.

Is Crosscare subject to the Data Protection Act?

All organisations, whether public or private, large or small, must process personal information in accordance with the Acts.

What personal information is covered?

All recorded personal information should be processed in accordance with the Acts. This means all written documents, whether electronic or paper copies, and information contained in other recorded media – CCTV footage or other video, audio cassettes and so on are also covered. The information does not have to be factual; opinions about a person are also included in the definition of personal data.

What are my rights?

The Data Protection Act gives individuals the right to know whether an organisation is processing personal information about them. If personal information is being processed, the individual has a right to know what information is being processed, why it is being processed, how it is being processed, and for what reasons. People have a right to see this data and are also entitled to receive a copy of the information. People asking for this information are making Subject Access Requests. The Data Protection Acts also gives people the right to correct inaccurate information.

How do I exercise these rights?

You can exercise your rights by making a subject access request. Any person can make a subject access request; by writing to an organisation, asking to know what personal information is held, and what use is made of the information. To correct false information, you should write to the organisation pointing out the error, and where necessary, provide evidence that the information is incorrect.


Is there a cost for making a Subject Access Request?

There is a fixed fee of €6.35 for making a Subject Access Request. This fee is generally waived for current members of staff seeking access to their personnel file.

I am collecting personal information for Crosscare. What do I need to do?

Only collect information which you really need and make sure that the person supplying the information knows how you intend to use it. If you intend using it for any other purpose, make sure they are given an opportunity to agree or disagree to this. If they do not consent, you then cannot use the information for any other purpose. This applies whether you are collecting the information on a form, over the telephone, or via the website or email.

 

What is sensitive personal data?

Some types of personal information have been singled out as needing particularly careful handling. They are information about racial or ethnic origin, political opinions or religious beliefs, trade union membership, physical or mental health, sex life, and commission of offences and subsequent proceedings.

 

How should personal information be stored?

You must be careful not to accidentally reveal personal information. Keep paper records locked away, and ensure that electronic records are password protected. Be careful when you name files and documents, so as not to accidentally disclose personal information or give a false impression about personal information; for example, a file entitled ‘ John Smith’ within a folder called ‘Debtors’ would imply something about the state of John Smith’s finances which should not be disclosed to all staff members.

 

Can I keep information about myself?

Yes. All official copies of information about staff, e.g. absence records, or performance reports will be kept securely by the relevant department(s). If you wish to keep your own copies of such information, you should follow the same principles as you would for anyone else’s data. If you are leaving the employment of Crosscare, you should remove all personal copies of your information before your departure.


Is information in my Home folder on my computer, or in other personal drives, covered by the Acts?

Yes. All information held by Crosscare is covered by the Acts. If you are storing personal documents, such as private correspondence unconnected with Crosscare’s work, use ‘private’ folders on your C drive.

 

How long can I keep personal information?

You should only keep personal data for as long as it is necessary and for the original purpose for which it was collected. Some reasons, such as mailing lists, may not have a cut off date. Others such as the details of volunteers working on a specific project, should be destroyed when no longer needed.

 

Can I give out personal information over the phone?

You should not give out personal information over the telephone, even if the person on the phone is asking for information about themselves, unless you are absolutely certain that the person is who they say they are e.g. it is a colleague whom you recognise. You may give out the work contact details of staff members if the person on the phone wishes to contact the staff about a business matter. 

 

Who is the Data Protection Commissioner?

The Data Protection Commissioner is responsible for ensuring that bodies are compliant with the Data Protection Acts. He can investigate complaints when individuals feel their personal data has been handled incorrectly.

 

Can personal data be shared between internal departments?

You can share personal information with another department if it is to be used for a reason which is similar to the reason the information was collected in the first place.

 

Can we share personal data with external organisations?

Crosscare can only share data with other bodies if the person has consented to allow this or if there is a basis in the Data Protection Acts to rely on for the sharing.

 

Whose responsibility is it to ensure that shared data is accurate?

It is the responsibility of all CSMs to carry out regular checks to ensure the accuracy of all the personal data which it processes. Crosscare must ensure that data subjects are aware of their right to check the accuracy of data held, and their right to amend it.

 

If you receive personal information from another organisation (e.g. a mailing list from an agency) you do not have to contact the individuals on the list to ensure the accuracy of the data. However, you should check that the source of the information is aware of data protection responsibilities and has fulfilled them as far as possible.

 

If I receive a subject access request asking for ‘everything that Crosscare has about me’, what should I do?

 

Refer to the Data Protection Procedures which contains some information about handling subject access requests. The person asking for their information must prove their identity before the information can be released. You are allowed to ask the person making the request to help you to find their information, for example by asking if they were a visitor to the Offices or a member of staff, and so on.

 

I have found the personal information, but it also contains other sensitive information. What should I do?

The Acts contains exemptions that allow information to be withheld; for example, if releasing it would infringe upon another person’s data protection rights. If you are unsure whether or not information can be released, contact the Data Protection Officer.

 

How does the Freedom of Information Act affect Data Protection?

The Freedom of Information Act refers to government departments and agencies only and therefore does not impact on Crosscare’s work. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1.0 “Protecting  People”  -   Summary of Policy 

Crosscare aims to create a safe and healthy environment for our staff, volunteers and service users. We are committed at all times to ensuring the safety and welfare of everyone who comes in contact with our organisation.

To this end we have developed this policy “Protecting our people” which primarily focuses on the protection of children and vulnerable adults in our services but also has a broader remit for the whole of our organisation

We have drawn on many sources in the preparation of this policy. However, it is first and foremost in line with the Governments policy “Children First – National Guidelines for the Protection and Welfare of Children” and secondly,  the Church’s own  policy “Safeguarding Children; the Standards and Guidance Document for the Catholic Church in Ireland 2009”.

Crosscare’s ethos is based on the principle that every person is created in the image and likeness of God. Our four core values of Respect, Human Rights, Integrity and Excellence are cornerstones around which our policy has been developed.

1.1  Staff Conduct

Work practice guidelines ensure safety for those working in and those in contact with our services. There are a number of behaviours expected of staff and volunteers to ensure this is the case:

Violent or aggressive behaviour and physical punishment is not permissible under any circumstances.

Verbal abuse of people in contact with our services or telling jokes of a sexual nature in the presence of service users can never be acceptable. 

Great care should be taken if it is necessary to have a conversation regarding sexual matters with a service user.

Being alone with a child or young person may not always be wise or appropriate practice.  If a situation arises where it is necessary to be alone with a child, another staff member should be informed immediately, by telephone if necessary.  A diary note that the meeting with the young person took place, including the reasons for it, should be made.

Best practice in relation to travel with children and young people should be observed.  Staff should not undertake any car or minibus journey alone with a child or young person.  If, in certain circumstances, only one adult is available, and it is necessary to make a journey alone with a child or young person, a record of this should be made and the child’s parent or guardian should be informed.

Children and young people should not be permitted to work or remain in Crosscare Centres, unless there are at least two adults present.

All service users must be treated with equal respect; favouritism is not acceptable.

Personnel should not engage in or tolerate any behaviour – verbal, psychological or physical – that could be construed as bullying or abusive.

A disproportionate amount of time should not be spent with any particular service user.

Crosscare personnel should never

  • give drugs to service users.
  • take alcohol or drugs when supervising children, young people or service users
  • give alcohol or tobacco anyone under the age of 18
  • take tobacco when supervising anyone under the age of 18

Only age-appropriate language, material on media products (such as camera phones, internet, and video) and activities should be used when working with children and young people.  Sexually explicit or pornographic material is never acceptable.

1.2 Physical Integrity

The physical integrity of service users must be respected at all times.

Personnel must not engage in inappropriate physical contact of any kind – including tough physical play, physical reprimand and horseplay (tickling, wrestling).  This should not prevent appropriate contact in situations where it is necessary to ensure the safety and well-being of a service user (for example, where an individual is distressed).

1.3 Privacy

The right to privacy of service users children and young people must be respected at all times.

Particular care regarding privacy must be taken when young people are in locations such as changing areas, swimming pools, showers and toilets.

Photographs of service users, children or young people must never be taken while they are in changing areas (for example, in a locker room or bathing facility).

Tasks of a personal nature (for example, helping with toileting, washing or changing clothing) should not be done for service users if they can undertake these tasks themselves.

1.4 Meetings with under 18’s

If working with a child or young person alone is unavoidable such meetings should not be held in an isolated environment.  The times and designated locations for meetings should allow for transparency and accountability (for example, be held in rooms with a clear glass panel or window, in buildings where other people are present, and with the door of the room left open).

Both the length and number of meetings should be limited.

Parents or guardians should be informed that the meeting(s) took place, except in circumstances where to do so might place the child in danger.

Any visits by under 18’s to the home of staff and volunteers are not allowed.

When the need for a visit to the home of a child or young person arises, professional boundaries must be observed at all times.

1.5 Special Needs

Service Users with special needs or disability may depend on adults more than others for their care and safety, and so sensitivity and clear communication are particularly important.

Where it is necessary to carry out tasks of a personal nature for service user with special needs, this should be done with the full understanding and consent of the individual, parents or guardians.

In carrying out such personal care tasks, sensitivity must be shown to the service user and the tasks should be undertaken with the utmost discretion.

Any care task of a personal nature which service user can do for themselves should not be undertaken by a worker.

In an emergency situation where this type of help is required, parents should be fully informed as soon as is reasonably possible.

1.6 Trips away from Home for Under 18s

Trips, overnight stays and holidays, need careful advance planning, including adequate provision for safety in regard to transport, facilities, activities and emergencies.  Adequate insurance should be in place.

Written consent by a parent or guardian specifically for each trip and related activities must be obtained well in advance.

A copy of the itinerary and contact telephone numbers should be made available to parents and guardians.

There must be adequate, gender-appropriate, supervision for boys and girls.

Arrangements and procedures must be put in place to ensure that rules and appropriate boundaries are maintained in the relaxed environment of trips away.

Particular attention should be given to ensuring that the privacy of young people is respected when they are away on trips.

The provision of appropriate and adequate sleeping arrangements should be ensured in advance of the trip.

Sleeping areas for boys and girls should be separate and supervised by two adults of the same sex as the group being supervised where possible.

If, in an emergency situation, an adult considers it necessary to be in a children’s dormitory or bedroom without another adult being present they should (a) immediately inform another adult in a position of responsibility and (b) make a diary note of the circumstances.

2.0  Recruitment

 ‘Safe practice starts with safe recruitment procedures’.  Most people who apply to work with children, young people and vulnerable adults in organisations such as Crosscare are well-motivated and potentially suitable for the various tasks involved.  It is most important, however, that all reasonable steps are taken to ensure that this is, in fact, the case.  As well as enhancing the prospects of identifying the best person for the post, rigorous recruitment procedures can act as a deterrent to unsuitable applicants.

 Information relating to the recruitment process in Crosscare is available in the Crosscare Staff handbook.

2.1 Crosscare and Garda  Vetting                                                            

Crosscare is committed to the protection and welfare of children & vulnerable adults in our care.  As part of our overall Child and Vulnerable Adults Protection strategy, Crosscare are committed to best practice in recruitment and selection procedures, which include Garda  vetting.  Therefore, every new & existing staff member, volunteer and / or student must undergo Garda  vetting. 

All posts within Crosscare will be subject to Garda  vetting.  Due to lengthy processing timelines (of up to 8 weeks) by the Garda  Vetting Unit, some applicants may be allowed commence their new posts prior to applications being returned.  It will be made clear that their offer of employment is subject to clearance and any concerns that may arise from the Garda  vetting checks will be addressed with the individual through the approved Review Meeting process.  For some posts however (e.g. those working with under 18s), employees will not be allowed to commence employment with Crosscare until the Garda Vetting process is complete.

All records returned from the Garda Vetting Unit will be kept securely and confidentially in staff personnel file. 

In accordance with best practice, this process will be completed for each staff member approximately every five years. 

Certain convictions or prosecutions of a serious nature, e.g. gross bodily harm, any sexual offence including child pornography, child abuse or a series of offences that might cause concern for the well being of children or vulnerable adults may automatically exclude an individual from working with children or vulnerable adults.

Further information relating to Garda Vetting is held in the appendices to this document.

3.0 Child and Vulnerable Adults Protection Officer (CVAP officer) 

As part of our policy, Crosscare is committed to nominating a Child and Vulnerable Adults Protection Officer as a point of reference for child and vulnerable adults protection issues.

3.1 The responsibilities of the CVAP  Officer will be:

  • To promote awareness of “Protecting our People” Crosscare’s Child and Vulnerable Adult Protection Policy and to provide training to all staff on same.
  • To ensure that all staff have a point of reference for any child and vulnerable adult protection concerns.
  • To facilitate anyone in the organisation in bringing an allegation or suspicion of child or vulnerable adult abuse to the attention of the relevant statutory organisations.
  • To hold all records regarding disclosures relating to suspicions, concerns or allegations of child or vulnerable adult abuse and report this as required to the Diocesan Designated Person.
  • To hold a central record of any allegations of child or vulnerable adult abuse made within Crosscare.
  • To advise on work practices to ensure the safety of children and vulnerable adults.
  • The CVAP Officer will be given every assistance by the Senior Management Team in carrying out his/her task.
  • The CVAP Officer will liaise with the relevant statutory authorities in relation to every allegation, suspicion or concern.

To assist the reporting of child protection concerns, the contact details of the Crosscare’s CVAP Officer, the H.S.E. and the Garda i will be made widely available. In the absence (annual leave etc) of the CVAP, the Senior Manager for Young People’s Services will act as CVAP.

4.0 Specific Protection for Children

Projects within Crosscare which work specifically with children and young people have a Child Protection Policy which is specifically tailored to suit their particular client-group.  These programmes are:

  1. Teen Counselling
  2. Young Peoples care services
  3. Youth Services 

Crosscare is fully committed to safeguarding the well-being of all the children and young people with whom we work.  Our overall policy on child protection is in accordance with the statutory guidelines “Children First 1999”.

The Child Care Act, 1991 defines a child as someone under 18 years of age who is not married. Similar definitions exist in the UN Convention and the National Children’s Strategy in Ireland.

4.1 Definitions of Abuse of children

The rationale behind drawing up a Policy for Crosscare is based on best practice as outlined in Statutory Guidelines.  With this in mind, perhaps it is helpful at this point to define what is meant by child abuse.

Child abuse occurs when the behaviour of someone in a position of greater power than a child or young person abuses that power and causes harm to that child or young person.  Child abuse, for our purposes, is categorised into four groups:

  1. 1.Emotional abuse
  2. 2.Physical Abuse
  3. 3.Sexual Abuse
  4. 4.Neglect

A child may be subjected to one or more forms of abuse at any given time. Definitions of the four types of abuse, how to recognise abuse and an explanation of “reasonable grounds for concern” are included in Appendix 1, which is based on “Children First – National Guidelines for the Protection and Welfare of Children”.

When developing structures to safe-guard children in Crosscare, special regard is given to children with particular vulnerabilities who may need additional support.

Each staff member and volunteer, together with Crosscare Council, will have access to a copy of the Policy document and asked to read it to ensure that everyone knows the Organisation Policy on Child Protection. All staff members must receive a briefing on the Child and Vulnerable Adults Protection Policy and further training will be provided for staff members who work or come in contact on a regular basis with children or young people.

If a staff member has a concern in relation to the welfare of a child in contact with any service, or if a child makes an allegation of abuse as defined above, the staff member should either :

  1. Follow the Project specific Child Protection Policy
  2. Contact the CVAP Officer for advice, in consultation with line manager

All groups operating in a Crosscare setting, including visiting groups, will be made aware of the policies and procedures for child protection in operation in the Organisation and shall be asked to confirm that they will implement these policies and procedures.  Responsibility for ensuring that our Policy has the agreement of such groups will fall on the relevant Manager.

4.2 Staff and volunteers from another agency/organisation

  • For staff/volunteers working directly with children/young people, Garda  vetting will be sought by Crosscare.
  • If the volunteer/staff has already obtained Garda vetting through their own organisation, in the previous 18 months, a letter should be sought by their organisation confirming this fact.

4.3 Under 18s Working as Volunteers

Where programmes work directly with children or young people, or have anyone under 18 working as a volunteer or student, the following procedures should be put in place:.

1. Parental Consent

Ensure that a signed consent form from parents or guardians is obtained prior to an under 18 being placed in any of Crosscare’s services or prior to participation of children and young people in events, activities and groups.

2. Work Practice

Work practice guidelines appropriate to working with any child or vulnerable adult as referred to in Section 1 should be implemented when working with under 18s as volunteers. 

4.4 Dealing with Challenging or disruptive behaviour

Staff who deal directly with children and young people will be given guidance and support in dealing with difficult behaviour.  Crosscare ensures that the safety and welfare of the children and young people is a priority and that staff will deal sensitively and professionally with any difficult issues that may arise.  Where instances of challenging or disruptive behaviour occur with children/young people, a record will be kept of this where the instance requires the intervention of a worker or volunteer or where the safety and well being of others are at risk.  In a case of such behaviour, two workers/volunteers should be present where possible in dealing with the situation.  Staff members who are present at the time, should complete the incident/accident report form.

The report of the incident should include:

  • The programme or activity which was happening at the time;
  • Date of Incident;
  • A record of what happened;
  • Details of who was involved;
  • Details of where and when it happened;
  • A record of any significant comments;
  • A record of any injury to person or property;
  • Details of how the situation was resolved or left.

4.5 Bullying

Bullying behaviour can be defined as repeated aggression be it verbal, psychological or physical which is conducted by an individual or group against others. 

Examples of bullying include:

  • Teasing
  • Taunting
  • Threatening
  • Hitting
  • Extortion
  • Exclusion.
  • Cyber and text

Crosscare will not tolerate any bullying behaviour by children/young people or adults and will deal with any incidents immediately.

4.6 Dealing with a disclosure of abuse

Everyone must be alert to the possibility that children with whom they are in contact may be experiencing abuse or have been abused in the past. This is an important responsibility for staff and volunteers when working with children and young people.

In the event of a child/young person disclosing an incident of abuse it is essential that this is dealt with sensitively and professionally by the staff member/volunteer involved.  The following are guidelines to support the worker/volunteer in this:

  • React calmly;
  • Listen carefully and attentively; take the young person seriously;
  • Reassure the young person that they have taken the right action in talking to you;
  • Do not promise to keep anything secret;
  • Ask questions for clarification only.  Do not ask leading questions;
  • Check back with the child/young person that what you have heard is correct and understood;
  • Do not express any opinions about the alleged abuser;
  • Record the conversation as soon as possible, in as much detail as possible.  Sign and date the record;
  • Ensure that the child/young person understands the procedures which will follow;
  • Pass the information to the CVAP Officer, do not attempt to deal with the problem alone;
  • Treat the information confidentially.

4.7 Reporting procedure in respect of child abuse

Crosscare has put in place the following standard reporting procedure for dealing with disclosures, concerns or allegations of child abuse. 

The guiding principles in regard to reporting child abuse are summarised as follows:

  • The safety and well-being of the child or young person must take priority
  • Reports should be made without delay to the HSE
  • While the basis for concern must be established as comprehensively as possible, children or parents should not be interviewed in detail about disclosures, concerns or allegations of abuse. 

The reporting procedure for dealing with disclosures, concerns or allegations of child abuse is outlined in the following steps:

  • If a staff member is working in a Project with a specific Child Protection policy, he/she refers to that policy, and notifies the CVAP Officer that they are doing so. If not, the following steps should be followed.
  • The employee or volunteer who has received a disclosure of child abuse or who has concerns of abuse should bring it to the attention of the CVAP Officer immediately.
  • The CVAP Officer will assess and review the information that has been provided.  The CVAP will contact the HSE for informal advice relating to the allegation, concern or disclosure.
  • After consultation with the HSE officials, the CVAP Officer will then take one of two options:
    • Report the allegation, concern or disclosure to the HSE or
    • Not make a formal report to HSE but keep a record of the concerns on file.  The reasons for not reporting the allegation, concern or disclosure will be clearly recorded.

In an emergency a report should be made directly to An Garda  Síochána.

In making a report on suspected or actual child abuse, the individual must ensure that the first priority is always for the safety and welfare of the young person and that no child or young person is ever left in an un-safe situation.  

Parents/guardians of the child will be informed of the allegation, concern or disclosure unless doing so is likely to endanger the child.

4.8 Information required when making a report

The more information which is gathered and put together on the Standard Reporting Form which has been adopted by Crosscare, the easier it will be to assess an allegation, concern or disclosure of abuse.   Reports which are made anonymously to staff will be followed up but this may take longer and will make it more difficult for the professionals involved to assess the situation.  If a person is unsure about the case, it may be useful to talk over the issue with the CVAP Officer. The CVAP Officer may advise discussion with a HSE worker before making an official report. 

4.9 Confidentiality

In matters of child abuse, an employee/volunteer should never promise to keep secret, any information which is divulged.  It should be explained to the young person that this information cannot be kept secret but only those who need to know, will be told.  

It is essential in reporting any case of alleged/suspected abuse that the principle of confidentiality applies.  The information should only be shared on a ‘need to know’ basis and the number of people that need to be informed should be kept to a minimum.

4.10 The Protections for Persons Reporting Child Abuse Act, 1998

This Act provides immunity from civil liability to persons who report child abuse ‘reasonably and in good faith’ to the HSE or An Garda  Síochána [see Appendix for further details]

4.11 Allegation relating to a staff member

Where an allegation of abuse is made against an employee of Crosscare, there are two procedures that Crosscare will put in place:

  • The reporting procedure in respect of the allegation (Section 4.7)
  • The procedure for dealing with the employee.

If an allegation of abuse is made against a staff member, the line manager must be immediately informed. If the line manager is unavailable, the next most senior staff member available should be contacted.

In the case of the allegation being against an employee of Crosscare the same person will not deal with both the young person and the alleged abuser.  Employment/contractual issues will be dealt with separately. The CVAP Officer will follow the normal reporting procedure in Crosscare.  It will be the responsibility of the HR Manager to advise on the HR policy relating to the staff member against whom an allegation has been made. 

  • The safety of the child is the first priority of Crosscare and all necessary measures will be taken to ensure that the child is safe.  The measures taken will be proportionate to the level of risk. 
  • Crosscare will ensure that no other children/young people are at risk during this period and will inform other relevant agencies.
  • The measures which can be taken to ensure the safety of children and young people can include the following: suspension of duties of the person accused, re-assignment of duties where the accused will not have contact with children/young people, working under increased supervision during the period of the investigation or other measures as deemed appropriate.
  • If a formal report is being made the employer will notify the employee that an allegation has been made and what the nature of the allegation is.  The employee has a right to respond to this and this response should be documented and retained.
  • Crosscare will ensure that the principle of ‘natural justice’ will apply whereby a person is considered innocent until proven otherwise.
  • Crosscare will work in co-operation with An Garda  Síochána and the HSE and any decisions on action to be taken in regard to the employee will be taken in consultation with these agencies.
  • The person against whom the allegation is made will need support during this period and Crosscare will provide advice on how to access the relevant support services.

4.12 Adults disclosing abuse

Retrospective Disclosures

A retrospective disclosure occurs when a child, young person or adult attending the service reports abuse in their past, generally as a child. It is important that all service users are aware of the limits to confidentiality.  In the case of retrospective disclosures there is a need for balance between the needs/rights of the service user and the addressing of Child Protection issues. This is a complex issue and requires good assessment and supervision.

Where there is an obvious potential risk to children, a referral is made to the H.S.E. immediately. If the service user does not provide identifying details the case is discussed with the local CVAP Officer for direction.

Where current risk to a client or other children is not clear the following issues are to be considered in consultation with the staff member’s line manager and CVAP Officer:

  1. 1.Is this an actual first disclosure or has the allegation been made previously elsewhere? If it is a first disclosure then serious consideration must be given to referral to the H.S.E. Discuss the issue of referral of the disclosure with the service user. Consider with them the protection of children currently, their own right to have their abuse recognised and validated, the importance of breaking the cycle of abuse and our obligations under the Children First Guidelines.
  1. 2.Does the service user consider there is current risk to a child? Our policy is that the H.S.E. is the agency with responsibility for risk assessment. However, this is an important question to consider with our service users as it may help them engage fully with a referral to the H.S.It may take time to involve the service user in this process.
  1. 3.Has the service user provided identifying details of the alleged abuser? A service user will not be asked for identifying details until the process of referral has been discussed with them. If a service user would like to provide identifying details they will be advised that these details will be passed on to the H.S.E. There is no onus on the service user to provide these details.
  1. 4.What is the likely impact of a referral to the H.S.E. on the mental health and welfare of the service user? Is there any risk for them in relation to self-harm/suicide? Is their mental health at risk in some way e.g. history of mental health problems which may be exacerbated or improved by this referral? A referral to the H.S.E. will note any of these concerns.
  1. 5.When a decision is taken to refer to the H.S.E. the policy on Reporting to the H.S.E. is followed. The adult client should be given the option of self-referral, but in all instances Crosscare will make the referral for a service user under 18.

            In all cases the situation may be discussed informally with the Child Care Manager of the H.S.E. for direction.  

4.13 Adults disclosing that they have abused or are abusing children

It can often be the case that adults with whom we work in Crosscare, may have themselves been abusers of children. By disclosing this to a staff member, they are in fact disclosing a criminal act, and this must in all cases be reported to the HSE following the guidelines as defined above in 4.7.

The principle governing all actions in the disclosure of child abuse is that the safety and welfare of the child is paramount.

4.12 Record Keeping

The CVAP Officer is responsible for keeping the following records related to child protection in a locked filing cabinet. The CVAP Officer, Senior Manager for Young People’s Services, Director of Crosscare and the Diocesan Designated Person are the only people who have access to these records:

  • Any complaints about the safety and welfare of children/young people while working with Crosscare
  • Any disclosures, concerns or allegations of child abuse;
  • The follow up to any complaints, disclosure, concerns or allegations, including informal advice from the HSE, reports to the HSE and informing parents/guardians. 

4.13 Staff Training

All staff working directly with children and young people will be expected to participate in the full Diocesan Training – Keeping Safe.  All staff must attend the briefing on Keeping Safe.

Where young people, under 18 years, are assisting in the work of Crosscare, they will receive appropriate information on the Child and Vulnerable Adult Protection Policy and national child protection policy at a level suitable to their age and experience.  These young people will always work in partnership with or under the supervision of an adult.

Induction training for any new staff will include briefing on the Crosscare Child and Vulnerable Adult protection policy.

5.0 Specific Protection of Vulnerable Adults

There is no universally accepted definition of the term “vulnerable adults”.  In the past, gardai have referred to the definition of a vulnerable adult as: “Adults who are over 18 and who are in need of community care services by reason of mental or other disability, age or illness and who are or may be unable to take care of themselves or who are unable to protect themselves against significant harm or exploitation.”

For the purposes of this policy, it is acknowledged that all services within Crosscare come in contact with vulnerable adults and adults in vulnerable situations and therefore should adhere to the following guidelines. Crosscare acknowledges that the same legislative protection is not yet in place for vulnerable adults, as is for the protection of children. Therefore concerns for the welfare of such clients will be dealt with on a case-by-case basis, in accordance with best practice.  This policy will be updated in accordance with any development in legislation. 

Whilst there is not currently the same legislative protection for vulnerable adults, Crosscare upholds the human right of all our clients to live a life free from abuse.

5.1 Definition of abuse relating to vulnerable adults

“A single or repeated act or lack of appropriate action occurring within any

relationship where there is an expectation of trust which causes harm or distress to a person or violates their human and civil rights.’’

Abuse can take place in any context. It may occur when a person lives alone or with a relative; it may occur within residential or day-care settings, in hospitals, home support services and other places assumed to be safe, or in public places.

A wide range of people may abuse vulnerable people, including relatives and family members, professional staff, paid care workers, volunteers, other service users, neighbours, friends and associates.

5.2 Forms of Abuse

There are several forms of abuse, any or all of which may be perpetrated as the result of deliberate intent, negligence or ignorance.

 Physical abuse, including hitting, slapping, pushing, kicking, misuse of medication, restraint, or inappropriate sanctions.

Sexual abuse, including rape and sexual assault or sexual acts to which the vulnerable adult has not consented, or could not consent, or into which he or she was compelled / coerced to consent.

Psychological abuse, including emotional abuse, threats of harm or abandonment, deprivation of contact, humiliation, blaming, controlling, intimidation, coercion, harassment, verbal abuse, isolation or withdrawal from services or supportive networks.

Financial or material abuse, including theft, fraud, exploitation, pressure in connection with wills, property or inheritance or financial transactions, or the misuse or misappropriation of property, possessions or benefits.

Neglect and acts of omission, including ignoring medical or physical care needs, failure to provide access to appropriate health, social care or educational services, the withholding of the necessities of life, such as medication, adequate nutrition and heating.

Discriminatory abuse, including racism, sexism that based on a person’s disability, and other forms of harassment, slurs or similar treatment.

 5.3 Dealing with complaints or allegations

The seriousness or extent of abuse is often not clear when concern about it is first expressed. It is important, therefore, when considering the appropriateness of intervention, to approach reports of incidents or allegations with an open mind. In making any assessment of seriousness, the following factors should be considered:

  • the vulnerability of the individual
  • the nature and extent of the abuse
  • the length of time it has been occurring
  • the impact on the individual
  • the risk of repeated or increasingly serious acts involving this person or others.

Information may come from a variety of sources including the person suffering abuse, a staff member, a concerned relative, or a health and social care worker. The information may come in the form of a complaint or an expression of concern, or it may come to light during a health or social care assessment. It is worth noting that, in the first instance, this information may not come with the knowledge or consent of the person who is suffering the abuse. Therefore, further evaluation should take place with his or her knowledge and consent, if he or she has capacity and is free from undue duress.

Some instances of abuse constitute a criminal offence and should be reported to the Gardai. Examples of actions that might constitute criminal offences are physical assault, sexual assault and rape, theft and fraud or other forms of financial exploitation.

5.4 Basic reporting procedure

All reports and/or suspicions of abuse should be taken seriously. Any staff member or volunteer who receives information, suspects or is concerned that a person in contact with our services has been abused, is being abused or is at risk of abuse should discuss the matter with his or her line manager as soon as possible.

The follow on from this initial step can differ depending on the nature of the report / suspicion, and on the external agencies potentially involved in a person’s care.

Examples of actions that may be taken are :

1. A written referral form could be completed at the earliest opportunity following this discussion and sent to the health board appointed Senior Case-Worker / Social Worker if the person has such a HSE appointed person attached to their case, who should take responsibility for it and begin an assessment or investigation. 

2. A report could be reported directly to An Garda  Siochana where a criminal offence has been committed and where the person making the allegation is in agreement that the report be made.

3. Advice may be sought from the Child & Vulnerable Adult Protection Office.

4. If a report and/or suspicion is in relation to a staff member then the matter should be referred to HR

5. Where a report or suspicion is made in relation to the quality of care a person receives, the matter should be referred to the relevant Senior Manager.

All those making a complaint, whether staff, service-users, carers or members of the general public, should be assured of the following:

  • Their remarks will be taken seriously.
  • Their comments will be treated in confidence but their concerns may be shared if they or others are at significant risk.
  • They will be dealt with in a fair and equitable manner.
  • They will be kept informed of action that has been taken and its outcome within a reasonable time limit.
  • If they are service-users, they will be given immediate protection, where possible, from the risk of reprisals or intimidation.
  • If they are service-providers, they will be given support and afforded protection.

Concerns reported anonymously should be followed up, depending on the content of the report and the nature of any other information about the older person held by the service provider.

Those reporting anonymously should be informed that anonymity may restrict the ability of professionals to access information or to intervene to protect the person. The anonymous reporter should be urged to identify himself or herself and encouraged to make a statement in writing or in person.

5.5 Management and co-ordination of the response to allegations

The task of investigating an allegation or complaint will involve the management and coordination of the following, several of which may run in parallel:

  • Investigation of the complaint.
  • Assessment of needs and care planning for the person at the centre of the allegation.
  • Determination as to whether a crime has occured.
  • Action by employers (e.g. suspension, disciplinary proceedings, development of and use of complaints and grievance procedures, action to remove the perpetrator from the professional register).
  • Arrangements for treatment or care of the suspected perpetrator, if appropriate.
  • Consideration of the implications relating to regulation, inspection and contract
  • monitoring.

An investigation should be co-ordinated in a way that ensures that there is no unnecessary duplication, especially in interviewing the person making the allegation or the alleged perpetrator of the abuse.

In exceptional circumstances, especially if the matter is very serious or there is evidence that a criminal offence has taken place, the first notification may be to the Gardaı.

An early referral to or consultation with the Gardaı , however, does not mean that criminal proceedings will follow, and it may have benefits:

  • It may enable the Gardaı to establish whether or not a criminal act has been committed
  • and so allow them to determine if, and at what stage, they need to become involved.
  • A higher standard of proof is required in criminal proceedings than in disciplinary or regulatory proceedings, and early involvement can help the Garda ı to ensure that forensic evidence is not lost or contaminated.
  • Garda ı are skilled at conducting investigations and interviews, and early involvement may prevent the person being interviewed unnecessarily.
  • Garda ı may be able to provide guidance about support services, e.g. Victim Support or Rape Crisis Centres.
  • It may be necessary for Garda ı to provide protection for witnesses.

5.6  Assessing the needs of the person

Once an investigation has established the facts, an assessment of the needs of the person must be made. This assessment will be organised by the Case-Worker and will involve discussion, decision-making and planning for the person’s well-being and protection. A case conference may take place.

In deciding what action to take, the rights of people to make choices and take risks and their capacity to make decisions about arrangements for investigating or responding to the abusive situation should be taken into account. Therefore the person should be included in the assessment process, as a matter of course, unless mental incapacity has been established.

The person’s capacity is key to decisions about action to be taken. For example, if someone has mental capacity and refuses assistance, this limits the help that he or she can be given; it will not, however, limit the action that may be required to protect others who are at risk. Unless there is evidence to the contrary, people should be assumed to have the mental capacity to make decisions and give consent. If there is evidence of intimidation, a misuse of authority or undue influence, an assessment of the  person’s mental capacity may be necessary.

5.7  Making a decision

One outcome of the investigation and assessment will be the formulation of an agreed care plan for the  person.

Every effort should be made to involve the person, his or her carer or family member (if any) and the alleged perpetrator, if appropriate, in both the assessment and planning of his or her future care. However, the person’s wishes with regard to who should be involved must be respected.

The services recommended by the care plan should be tailored to the needs of the person. They must be designed to alleviate the stress caused by the abuse. The relevant service will be responsible for implementing the care plan. Implementation of the care plan should fulfil the requirements of the assessment by providing the most suitable services available. Priority must be given to the prevention of future abuse (guidelines on intervention can be found in the Appendix).

5.8  Allegation relating to a staff member

Where an allegation of abuse is made against an employee of Crosscare, there are two procedures that Crosscare will put in place:

  • The procedure in respect of the service user;
  • The procedure for dealing with the employee.

In the case of the allegation being against an employee of Crosscare the same person will not deal with both the service user and the alleged abuser.  Employment/contractual issues will be dealt with separately. The CVAP Officer will advise on matters relating to the care of the service user and it will be the responsibility of the HR Manager to advise on the HR policy relating to the staff member against whom an allegation has been made.  

  • The safety of the service user is the first priority of Crosscare and all necessary measures will be taken to ensure that the service user is safe.  The measures taken will be proportionate to the level of risk. 
  • Crosscare will ensure that no other service users are at risk during this period and will inform other relevant agencies or parents/carers as appropriate.
  • The measures which can be taken to ensure the safety of all service users can include the following: suspension of duties of the person accused, re-assignment of duties where the accused will not have contact with children/young people or vulnerable adults, working under increased supervision during the period of the investigation or other measures as deemed appropriate.
  • If a formal report is being made the employer will notify the employee that an allegation has been made and what the nature of the allegation is.  The employee has a right to respond to this and this response should be documented and retained.
  • Crosscare will ensure that the principle of ‘natural justice’ will apply whereby a person is considered innocent until proven otherwise.
  • Crosscare will work in co-operation with An Garda  Síochána and the HSE where appropriate and any decisions on action to be taken in regard to the employee will be taken in consultation with these agencies.
  • The person against whom the allegation is made will need support during this period and Crosscare will provide advice on how to access the relevant support services.

5.9  Record-keeping

When a complaint or allegation of abuse is received, a clear and accurate record of it and any action taken in relation to it must be made. All relevant details should be incorporated into the service and the service-user’s file.

Files may be used in legal and/or disciplinary proceedings; in addition, under the Freedom of Information Act 1997 and Data Protection Act, people have a right to see what is written about them in files. Staff, via training and written guidance, should be instructed about how to record information, what information is relevant and what information should not be recorded for fear that it may be in breach of a person’s legal rights. The issue of confidentiality of information should also be examined.

A record of all complaints or allegations of abuse should be forwarded to the Child & Vulnerable Adult Protection Officer.

5.10 Alleged perpetrators who are also service users

If the alleged perpetrator is also a service user, potentially living with, sharing accommodation with the vulnerable adult, the organisation must balance its duty of care to both.  

  • The safety of the person allegedly experiencing the abuse is the first priority of Crosscare and all necessary measures will be taken to ensure that the person is safe.  The measures taken will be proportionate to the level of risk. 
  • Crosscare will ensure that no other service users are at risk.
  • The measures which can be taken to ensure the safety of others can include the following: distancing within the service, separate appointment times, exclusion from service.
  • Crosscare will ensure that the principle of ‘natural justice’ will apply whereby a person is considered innocent until proven otherwise.
  • Crosscare will work in co-operation with An Garda  Síochána and the HSE where appropriate and any decisions on action to be taken in regard to the service user will be taken in consultation with these agencies.
  • The person against whom the allegation is made will need support during this period and Crosscare will provide advice on how to access the relevant support services.

 

 

Introduction

Crosscare has an ethical responsibility to maintain the highest standards of confidentiality in the safeguarding of information about its staff members, volunteers and service users.  

Information collection is essential to us fulfilling our duties.  Data Protection legislation seeks to give people control of their own personal information and so it confers certain obligations on Crosscare in relation to how personal information is collected and used.

The legislation was originally introduced to protect individual’s personal information from misuse by automated means.  This has since been extended to include processing of manual data.

The Data Protection Acts of 1988 and 2003 have a significant role to play in supporting our work.  The aim of this policy is to ensure that each Crosscare staff member has an understanding of the concepts of Data Protection and is aware of their own responsibilities in relation to the organisation’s overall compliance with the Acts.

Definitions

Data Protection is the safeguarding of the rights of individuals to privacy and integrity in relation to the processing of their personal data.  The Data Protection Acts of 1988 & 2003 confer rights on individuals as well as responsibilities on those persons handling, processing, managing and controlling personal data.

Data Controller – an individual or entity who controls the contents and use of personal data.

Data Protection Officer - the individual within an organisation who has responsibility for data protection. 

Data means information in any form, which can be processed.  It includes both automated or electronic data and manual data.

Automated data means any information created and held on computers.  Examples of this would be a word document, an email or a database.

Manual Data means information that is kept as part of a relevant filing system or with the intention that it should form part of a relevant filing system.  Examples of these are traditional paper files, reports and statements as well as personnel and financial records which are used as part of our daily operational duties.

Relevant filing systems means any sets of information, which are not computerised but are structured by reference to individuals or by reference to criteria relating to individuals so that specific information relating to a particular individual is readily accessible.  Examples of these would be files which contain information about an individual such as personal files in HR.

Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in or likely to come into the possession of the Data Controller.

Access Request is where a person makes a request to the for a copy of their personal data under Section 4 of the Acts.

Sensitive personal data relates to specific categories of data which are identified as data relating to a person’s racial origin; political opinions; religious or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence; membership of a trade union.  Examples of these are files or entries containing details of allegations, prosecutions or convictions with regard to an individual.  A higher duty of care is required by the Data Protection Acts in relation to the processing of sensitive data.

Processing means performing any operation or set of operations on data including:

  • •Obtaining, recording or keeping data;
  • •Collecting, organising, storing, altering or adapting data;
  • •Retrieving, consulting or using data;
  • •Disclosing the data by transmitting, disseminating or otherwise making it available;
  • •Aligning, combining, blocking, erasing or destroying data.

Data Subject is an individual who is the subject of personal data.

Data Processor is a person who processes personal information on behalf of the Data Controller.

Data Protection Rules

The following are the eight Rules Data Protection, which must be adhered to at all times.

Rule 1.  Obtain and process information fairly

Crosscare will obtain and process personal data fairly and in accordance with the fulfillment of its functions. The Data Subject must be made aware of the following;

  • •The identity of the Data Controller
  • •The purpose in collecting the data
  • •The persons or categories of persons to whom the data may be disclosed and
  • •Any other information which is necessary so that processing may be fair.

To fairly process personal data it must have been fairly obtained in line with the above, the data subject must have given consent to the processing, or the processing must be necessary for one or more of the following reasons and any one or more will apply to the performance of our function:-

  • •To prevent injury or other damage to the health of the data subject
  • •To prevent serious loss or damage to property of the data subject
  • •To protect the vital interests of the data subject
  • •Where the seeking of the consent of the data subject is likely to result in those interests being damaged               

There will be circumstances when the purpose of information or data to be used is obvious.  On other occasions it may be necessary to provide an explanation.  

Rule 2.                  Keep it for only one or more specified, explicit and lawful purposes

  • •Crosscare will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
  • •A person has the right to question the purpose for which Crosscare holds his/her data and Crosscare must be able to identify that purpose.

Crossscare holds information for a variety of purposes.  Much of this information is held for administrative and functional purposes.  Personnel files of all staff members including financial details are kept.  All such information must be obtained and processed in compliance with the Acts. 

Rule 3.  Use and disclose it only in ways compatible with these purposes.

Crosscare will only disclose personal data that is necessary for the purpose(s) or compatible with the purpose(s) for which it collects and keeps the data.  Disclosure in the context of data protection is the provision of personal data to a third party by any means whether written, verbally or electronically.

The Act places serious responsibility on every employee not to disclose data in relation to any individual to any other individual who is not entitled by law to receive it.  Personal data is used within Crosscare in the normal course of operational functions. Any use or disclosure must be necessary for the purpose(s) or compatible with the purpose(s) for which the data is collected and kept.  An employee making a disclosure should consider whether the data subject would be surprised to learn that a particular disclosure is taking place. If the potential answer to this question is yes then there is a need to question the basis for the disclosure prior to making it.

In all cases the identity of the recipient of the disclosure should be established along with the specific purpose of the disclosure and the legal basis/power to disclose the relevant data.  A record of all disclosures should be maintained.  In cases where there is any doubt as to disclosure, or the status of the data concerned, a file should be submitted to the Data Protection Officer for directions.

Examples of legitimate disclosures are;

  • •Statements or information issued to the media which are managed in conjunction with Crosscare’s Communications officer
  • •Information provided to the Pension Fund Managers regarding new employees who are entitled to join the scheme

Examples of illegitimate disclosures are;

  • •Accessing or Disclosing Personal data for any purpose other than that for which it is obtained is prohibited. 
  • •Examples of this would be an employee accessing and or disclosing personal home details of a colleague to a member of the public without their consent
  • •Accessing and or disclosing details of any person’s criminal convictions to a party not entitled to receive them

 

Rule 4.  Keep it safe and secure.

Crosscare will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction.  Crosscare is aware that high standards of security are essential for all personal information.

Appropriate security measures must be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction.  The security of personal information is all important, but the key word here is appropriate, in that it is more significant in some situations than in others, depending on such matters as confidentiality and sensitivity and the harm which might result from an unauthorised disclosure.  High standards of security are, nevertheless, essential for all personal information.  The nature of security used may take into account what is available, the cost of implementation and the sensitivity of the data in question. 

 

The standard of security expected of all staff members in Crosscare includes the following;

  • •Computer systems password protected
  • •Access to information restricted to authorised staff on a “need to know” basis in accordance with a defined policy
  • •Information on computer screens and manual files hidden from callers to offices
  • •Back-up procedures in operation for computer held data, including off-site back-up
  • •All waste papers, printouts etc disposed of carefully by shredding
  • •All employees must log off all computers on each occasion when they leave their work station
  • •Personal security passwords must not be disclosed to any other employees
  • •All premises must be secure when unoccupied

 

Each Crosscare Senior Service Manager will be responsible for all the above within Crosscare with periodic reviews of the measures and practices in place

 

Every contact on the computer systems leaves a trace and each staff member should be acutely aware that all activity under their password is recorded.  During an Audit or Investigation procedure they may be asked to account for the reasons they accessed a particular individual’s data at any given time and what they did with it afterwards.  Crosscare will ensure that appropriate data protection and confidentiality clauses are in place with any processors of personal information on its behalf.

 

Rule 5.  Keep it accurate, complete and up-to-date.

 

Crosscare will ensure high levels of data accuracy.  Crosscare will keep personal data up-to-date.  Crosscare will put in place appropriate procedures to assist staff in keeping data up-to-date.

 

To comply with this rule Crosscare will ensure that: -

 

  • •Administration and computer procedures are adequate to ensure high levels of data accuracy
  • •The general requirement to keep personal data up to date has been fully implemented
  • •Appropriate procedures are in place, including periodic review and audit, to ensure that each data item is kept up to date

 

Section 6 of the Acts gives a person the right to seek to have personal data amended or erased where it can be shown to be incorrect.

 

Rule 6. Ensure that it is adequate, relevant and not excessive.

 

Personal data held by Crosscare will be adequate, relevant and not excessive in relation to the

purpose(s) for which it is kept.

 

A staff member of Crosscare can fulfill this requirement by making sure they only seek and retain the minimum amount of personal data needed for the specified purpose.

 

To comply with this rule each employee should ensure that the information held is:

 

  • Adequate in relation to the purpose(s) for which it is kept;
  • Relevant in relation to the purpose(s) for which it is kept;
  • Not excessive in relation to the purpose(s) for which it is kept;
  • Retain it for no longer than is necessary for the purpose or purposes.

               

Rule 7. Crosscare will have a policy on retention periods for personal data. 

 

This requirement places a responsibility on Crosscare to be clear about the length of time data will be kept and the reason why the information is being retained.  To meet this requirement,  Crosscare will ensure that all files are managed and appropriate Retention/Disposition schedules are in place.

 

For the purpose of retention, Data will be categorised into current files, non-current files and archives.  Crosscare’s archive files are stored in and are under the management of the Dublin Diocesan Archives office.

 

Rule 8. Give a copy of his/her personal data to that individual, on request.

 

Crosscare will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection Acts.

 

On making an access request any individual, about whom Crosscare keeps personal data, is entitled to;

  • •A copy of the data being kept about him/her
  • •Know the purpose(s) for processing his/her data
  • •Know the identity of those to whom the organisation discloses the data
  • •Know the source of the data
  • •Know the logic involved in automated systems
  • •A copy of the any data held in the form of opinions, except where such opinions were given in confidence.

 

Crosscare has clear coordinated procedures in place to ensure that all relevant manual files and computers are checked for the data in respect of which the access request is made.

 

To make an access request the data subject must;

 

  • •Apply to Crosscare for access to their personal data Section 4 of the Data Protection Acts 1988 & 2003
  • •Give any details which might be needed to help identify him/her and locate all the information you may keep about him/her e.g. previous addresses, dates of employment etc
  • •Pay the appropriate access fee €6.35

 

Every individual about whom a Data Controller keeps personal information has a number of rights under the Act, in addition to the right of access.  These include the right to have any inaccurate information rectified or erased and the right to complain to the Data Protection Commissioner.  In response to an access request Crosscare must;

  • •Supply the information to the individual promptly and within 40 days of receiving the request
  • •Provide the information in a form which is clear to the ordinary person, e.g. codes must be explained in ordinary language
  • •Where an access request is refused, the reasons for the refusal of the request must be clearly outlined to the Data Subject.

 

Method of application requests for personal data should be made in writing on the prescribed form to the: -

               

                Conor Hickey

Data Protection Officer,

                Crosscare,

                Clonliffe Road,

                Dublin 3.

 

Responding to requests once a valid request is received.

Crosscare must respond within 40 days, even if the personal data is not held or an exemption is relied upon.

 

Roles and Responsibilities

 

Crosscare Senior Managers (CSMs)

Crosscare’s management structure comprises of a senior management team. There are six senior service managers and a Director of HR and Director of Finance. Collectively these managers are known as Crosscare Senior managers (CSMs) and there are responsible for each of the units under their span of control.

 

The CSMs are responsible for implementation of the Data Protection policy with advice and support from the Data Protection Officer.

 

The CSMs are responsible for: -

  • •Keeping personal data up to date as required.
  • •Retaining personal data no longer than necessary.
  • •Day to day security of the office environment (manual and automated records).
  • •Methods of handling personal information are clearly described and documented.
  • •All staff handling personal information are appropriately trained to do so.
  • •All staff handling personal information are appropriately supervised.
  • •Performance with handling personal information is regularly assessed and reviewed.
  • •The Data Protection Officer is kept informed of manual and automated systems storing and/or processing personal information.
  • •Continuous assessment of the need for all current personal information storage and processing and elimination of any that is not necessary.

 

Data Protection Officer

 

The responsibility for support and guidance of CSM’s in relation to compliance with Data Protection legislation lies with the Data Protection Officer.

 

This involves;

  • •Co-ordination of data protection within all Crosscare projects;
  • •Ensuring that reporting lines exist to allow other employees to raise matters relating to Data Protection at a senior level;
  • •Managing the organisation’s statutory obligations in respect of Data Protection Acts including compliance with the Data Protection principles, registration with the Data Protection Commissioner where applicable and securing individuals rights under the Acts;
  • •Maintaining an  up to date knowledge of Data Protection legislation and general developments in other relevant areas and to ensure that this Code of Practice is disseminated and adhered to throughout the offices
  • •Promoting data protection awareness through training, policy development, advice and guidance; 
  • •Ensuring that operating rules and general policy guidance in support of this Code of Practice and all matters relating to the Acts are available to staff
  • •Ensuring that CSMs are aware of the information and systems required to comply with the Data Protection principles and that appropriate security arrangements exist to protect data, including where necessary, that suitable contracts are drawn up relating to the processing of data held for Crosscare by third parties;
  • •To provide an initial point of contact for subject access requests.
  • •To advise CSMs on when active consent is required from people interacting with Crosscare staff members for data collection/processing;
  • •Investigation and resolution of complaints made in relation to personal data and to assist where appropriate in the investigation of disciplinary matters;
  • •Ensure that CSMs are appropriately advised that contracts with partners include strict quality, security and data protection compliance mechanisms and agreed inspection procedures;
  • •Providing for liaison on all data protection matters between Crosscare and the Data Protection Commissioner.
  • •The Data Protection Officer will conduct examinations and reviews of Data Protection procedures as part of their on-going examination and review process.

 

Staff Members

 

  • •Crosscare Staff members are responsible for ensuring that all data that they access, manage and control as part of their daily duties is done in accordance with the Data Protection Acts and this Policy.
  • •Ensure their personal information provided to Crosscare is accurate and up-to-date; inform  Crosscare of change of address or other circumstances.
  • •Ensure that third parties are aware of this policy and that they take appropriate measures to protect any personal data.  Non-disclosures agreements form part of every contract if they are subject to personal data.
  • •Ensure that personal data is factual, accurate and objective. 
  • •Work on the basis that access by staff to personal information will be audited for compliance with the law and internal policies.
  • •Hold personal data securely e.g. using locked cabinets and desk drawers.
  • •Failure to comply with this policy may result in a breach of the Data Protection Acts1988 & 2003.  Furthermore such staff members may be exposing themselves and Crosscare to litigation from an injured party.
  • •All current and former staff members of Crosscare will be held accountable, from a disciplinary perspective, in relation to all data processed, managed and controlled by them during the performance of their duties in Crosscare.

 

Failure to follow these guidelines may be regarded as a breach of this policy and may be subject to disciplinary action up to and including dismissal.

 

Enforcement of Data Protection Legislation

 

Data Protection Commissioner

 

The Act establishes the independent office of the Data Protection Commissioner.  The Commissioner is appointed by the Government and is independent in the performance of his functions.  The Commissioner’s function is to ensure that those who keep personal data in respect of individuals comply with the provisions of the Data Protection Acts.  In furtherance of this function, the Data Protection Commissioner will also have responsibility for monitoring the implementation of this Policy.

 

The Data Protection Commissioner has a wide range of enforcement powers to assist him in ensuring that the principles of Data Protection are being observed.  These powers include the serving of legal notices compelling a data controller to provide information needed to assist his enquiries, or compelling a data controller to implement provisions of the Act.

 

The Data Protection Commissioner also investigates complaints made by the general public in relation to personal data and has wide powers in this area.  He can, for example, authorise officers to enter a premises and to inspect personal information kept on computer or relevant filing system.  Members of the public who wish to make formal complaints in respect of breaches of the Data Protection Acts may do so in writing to the office of The Data Protection Commissioner, Station Road, Portarlington, Co. Laois.  Further information is available at www.dataprotection.ie.

 

Any member of the public who reports breaches of the Data Protection Acts by Crosscare to individual staff members must report the matter to the Data Protection Officer.     

 

Where Crosscare a staff member, in the normal course of their duties, becomes aware that an individual, including staff members of Crosscare, may be breaching the Acts or have committed or are committing an offence under the Acts, they should report the matter through normal communication channels to their CSM and/or the Data Protection Officer.

 

 

 

 

 

 

 

Advice/Assistance

 

All people requesting advice and assistance on data protection issues within Crosscare should be directed to our Data Protection Officer, Conor Hickey

 

Useful numbers:  01 8360011

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

 

The Data Protection Commissioner

Tel.  1890 252231

www.dataprotection.ie

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Appendix 1

 

Subject Access Request Form

 

 

Data Subject Request Form

  1. 1.Name & Address
 
 
 
  1. 2.Tel. No.
 
  1. 3.Email
 
  1. 4.Is the information about you?  If yes, you will need to provide a copy of photographic ID, bearing your signature, for example, a passport or driving
  1. 5.Please describe what information you require with any additional facts that may help us with the search.
 
 
 
 
 
  1. 6.Declaration to be completed by all applicants.

I, _______________________________________ (name), certify that the information given on this application to Crosscare is correct.  I understand that it is necessary for Crosscare to confirm my identity and it may be necessary to obtain more detailed information in order to locate the correct personal data.

Signed ______________________________                 Date ________________

Note: Crosscare must respond to your request within 40 days.  This time frame will not begin until your identity has been established and any relevant details obtained.

Please return the completed form and any necessary documentation to the Data Protection Officer, Crosscare,  Holy Cross College, Clonliffe Road, Dublin 3.

Documents which must accompany this application include evidence of identity; and stamped address envelope for return of the above mentioned documents.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Crosscare will process the personal information included on this form in accordance with the Data Protection Acts.  The information will only be used in order to process your request, will only be shared with those who can provide the information required and will be retained no longer than is necessary.

 

 

 

 

 

 

 

Data Subject Request Form – Third Party

  1. 1.Name & Address
 
 
 
  1. 2.Tel. No.
 
  1. 3.Email
 
  1. 4.If you are acting on behalf of another individual you will need to provide a letter from that person authorising you to act on their behalf.
  1. 5.Details of the individual whose information is being sought

Name & Address

 
 
 

Tel. No.

 

Email

 
  1. 6.Why have you been authorised to access this information?
 
 
 
  1. 7.Please describe what information you require with any additional facts that may help us with the search.
 
 
 
 
 
  1. 8.Declaration to be completed by all applicants.

I, _______________________________________ (name), certify that the information given on this application to Crosscare is correct.  I understand that it is necessary for Crosscare to confirm my identity and that of the person I am authorised to represent and it may be necessary to obtain more detailed information in order to locate the correct personal data.

Signed ______________________________                 Date ________________

Note:Crosscare must respond to your request within 40 days.  This time frame will not begin until your identity has been established and any relevant details obtained.

Please return the completed form and any necessary documentation to the Data Protection Officer, Crosscare, Holy Cross College, Clonliffe Road, Dublin 3.

Documents which must accompany this application include evidence of identity; evidence of data subject’s identity, authorisation from data subject to act on their behalf and stamped address envelope for return of the above mentioned documents.

 

 

 

 

 

Crosscare will process the personal information included on this form in accordance with the Data Protection Acts.  The information will only be used in order to process your request, will only be shared with those who can provide the information required and will be retained no longer than is necessary.

 

 

 


Appendix 2

Access Request from Staff Members to HR

Subject Access Request in relation to Personnel files

 

1. Requests for access to your own personal file should be addressed, in writing, to the Director of Human Resources. E-mails will be accepted.

 

2. The statutory period for dealing with requests is 40 days; however wherever possible HR will try to make the file available within 10 working days of receipt of any request. If you can demonstrate an urgent need requiring a quicker response, HR will treat this sympathetically. The €6.35 fee will be waived for current staff.

 

3. HR will arrange an appointment with the individual to view his/her file, if preferred. Files may only be viewed within HR, and under the supervision of a member of the Department.

 

4. Otherwise, HR will provide photocopies of documents on the file as requested by the individual.

 

5. If a member of staff wishes someone else to view the file on their behalf, or to accompany them when they view the file, they must confirm this in writing to the Director of Human Resources in advance. The authorisation must be for a named person, i.e. ‘a union rep’ will not be sufficient, the name of the individual must be given. Again, e-mail authorisation will be accepted.

 

7. A representative from HR will arrange a meeting with the subject for them to examine their file. If the person is not known to HR, their identification will be checked to see that they are who they say they are. HR can provide copies of information kept on the file on request at that meeting.

 

8. Former members of staff who wish to apply for subject access are expected to follow the standard procedures set out in section. HR reserves the right to impose the standard €6.35 fee in this case.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

APPENDIX 3

FREQUENTLY ASKED QUESTIONS

 

What is the Data Protection Act about?

The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 requires that any organisation that collects or holds information about living people does so in a way that is fair to that person. It sets out eight rules for the processing of personal data which organisations must adhere to. The Act also gives individuals the right of access to their own information.

Is Crosscare subject to the Data Protection Act?

All organisations, whether public or private, large or small, must process personal information in accordance with the Acts.

What personal information is covered?

All recorded personal information should be processed in accordance with the Acts. This means all written documents, whether electronic or paper copies, and information contained in other recorded media – CCTV footage or other video, audio cassettes and so on are also covered. The information does not have to be factual; opinions about a person are also included in the definition of personal data.

What are my rights?

The Data Protection Act gives individuals the right to know whether an organisation is processing personal information about them. If personal information is being processed, the individual has a right to know what information is being processed, why it is being processed, how it is being processed, and for what reasons. People have a right to see this data and are also entitled to receive a copy of the information. People asking for this information are making Subject Access Requests. The Data Protection Acts also gives people the right to correct inaccurate information.

How do I exercise these rights?

You can exercise your rights by making a subject access request. Any person can make a subject access request; by writing to an organisation, asking to know what personal information is held, and what use is made of the information. To correct false information, you should write to the organisation pointing out the error, and where necessary, provide evidence that the information is incorrect.


Is there a cost for making a Subject Access Request?

There is a fixed fee of €6.35 for making a Subject Access Request. This fee is generally waived for current members of staff seeking access to their personnel file.

I am collecting personal information for Crosscare. What do I need to do?

Only collect information which you really need and make sure that the person supplying the information knows how you intend to use it. If you intend using it for any other purpose, make sure they are given an opportunity to agree or disagree to this. If they do not consent, you then cannot use the information for any other purpose. This applies whether you are collecting the information on a form, over the telephone, or via the website or email.

 

What is sensitive personal data?

Some types of personal information have been singled out as needing particularly careful handling. They are information about racial or ethnic origin, political opinions or religious beliefs, trade union membership, physical or mental health, sex life, and commission of offences and subsequent proceedings.

 

How should personal information be stored?

You must be careful not to accidentally reveal personal information. Keep paper records locked away, and ensure that electronic records are password protected. Be careful when you name files and documents, so as not to accidentally disclose personal information or give a false impression about personal information; for example, a file entitled ‘ John Smith’ within a folder called ‘Debtors’ would imply something about the state of John Smith’s finances which should not be disclosed to all staff members.

 

Can I keep information about myself?

Yes. All official copies of information about staff, e.g. absence records, or performance reports will be kept securely by the relevant department(s). If you wish to keep your own copies of such information, you should follow the same principles as you would for anyone else’s data. If you are leaving the employment of Crosscare, you should remove all personal copies of your information before your departure.


Is information in my Home folder on my computer, or in other personal drives, covered by the Acts?

Yes. All information held by Crosscare is covered by the Acts. If you are storing personal documents, such as private correspondence unconnected with Crosscare’s work, use ‘private’ folders on your C drive.

 

How long can I keep personal information?

You should only keep personal data for as long as it is necessary and for the original purpose for which it was collected. Some reasons, such as mailing lists, may not have a cut off date. Others such as the details of volunteers working on a specific project, should be destroyed when no longer needed.

 

Can I give out personal information over the phone?

You should not give out personal information over the telephone, even if the person on the phone is asking for information about themselves, unless you are absolutely certain that the person is who they say they are e.g. it is a colleague whom you recognise. You may give out the work contact details of staff members if the person on the phone wishes to contact the staff about a business matter. 

 

Who is the Data Protection Commissioner?

The Data Protection Commissioner is responsible for ensuring that bodies are compliant with the Data Protection Acts. He can investigate complaints when individuals feel their personal data has been handled incorrectly.

 

Can personal data be shared between internal departments?

You can share personal information with another department if it is to be used for a reason which is similar to the reason the information was collected in the first place.

 

Can we share personal data with external organisations?

Crosscare can only share data with other bodies if the person has consented to allow this or if there is a basis in the Data Protection Acts to rely on for the sharing.

 

Whose responsibility is it to ensure that shared data is accurate?

It is the responsibility of all CSMs to carry out regular checks to ensure the accuracy of all the personal data which it processes. Crosscare must ensure that data subjects are aware of their right to check the accuracy of data held, and their right to amend it.

 

If you receive personal information from another organisation (e.g. a mailing list from an agency) you do not have to contact the individuals on the list to ensure the accuracy of the data. However, you should check that the source of the information is aware of data protection responsibilities and has fulfilled them as far as possible.

 

If I receive a subject access request asking for ‘everything that Crosscare has about me’, what should I do?

 

Refer to the Data Protection Procedures which contains some information about handling subject access requests. The person asking for their information must prove their identity before the information can be released. You are allowed to ask the person making the request to help you to find their information, for example by asking if they were a visitor to the Offices or a member of staff, and so on.

 

I have found the personal information, but it also contains other sensitive information. What should I do?

The Acts contains exemptions that allow information to be withheld; for example, if releasing it would infringe upon another person’s data protection rights. If you are unsure whether or not information can be released, contact the Data Protection Officer.

 

How does the Freedom of Information Act affect Data Protection?

The Freedom of Information Act refers to government departments and agencies only and therefore does not impact on Crosscare’s work. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Crosscare views its governance structure to be of upmost importance to enable it to deliver its services effectively in a manner that holds it accountable to all interested parties including its service users, funders, staff and volunteers.  We aim to comply with best practice in relation to corporate governance requirements, using the guidance set out in the Charities Statement of Recommended Practice as the minimum standard to apply. 

Governance Structure

Overall responsibility for the work of the agency is vested in its Council which is appointed by the Archbishop of Dublin. Council members are appointed for a period of three years and can be re-appointed for a further term.

The current council members are:-

-          Mr Frank O’Connell    (Chairperson)

-          Mr Oliver Cussen

-          Sr. Marian Harte

-          Fr. Dermot Leycock

-          Ms. Theresa Geaney

-          Mr David Clancy (Treasurer) 

-          Ms. Evelyn Cregan   

Our Council members bring with them to the organisation a high level of expertise across the areas of social service provision, business & marketing, human resource management, governance & management practice, accountancy & resource management, church, community & ethos management.

Council members act in a voluntary capacity and do not receive any remuneration in respect of their contribution.

There are 10 Council meetings held each year. The CEO, Director of Finance and Director of HR attend these meetings. Minutes are kept.

In addition to Council meetings, Council members participate in ongoing and ad hoc sub-committees including specifically the areas of Audit Risk & Corporate Governance. These committees comprise of Council members and the Director of Finance. The terms of reference of these committees are to review the major strategic, business and operational risks to which Crosscare is exposed and to ensure that appropriate structures and procedures are in place to minimise the potential impact on Crosscare should any of the risks materialise.

Operational Management Overview

Day to day responsibility for the implementation of the agency’s programmes is located with the Chief Executive Officer, Conor Hickey, who is also an appointee of the Archbishop. Council and the CEO are resourced and supported in their respective roles, duties, and responsibilities by approximately 500 employees and a substantial contribution from volunteer workers.  

The CEO is supported by a Senior Management team comprising of the following areas of service:-

-          Residential Care Services

-          Community Services

-          Food Services

-          Youth Services – West Dublin

-          Youth Services – South Dublin & Wicklow

-          Youth Services – North & Central Dublin  

-          HR & Communications

-          Finance , IT & Administration

Org Chart SMT

CHARITABLE STATUS

Crosscare is a registered charity and has been granted exemption from certain taxes by the Revenue Commissioners. Its registered charity number is CHY6262.

AUDIT & ACCOUNTS

Crosscare prepares its annual financial statements in accordance with the accounting standards issued by the Financial Reporting Council and published by the Institute of Chartered Accountants in Ireland (Generally Accepted Accounting Practice in Ireland).

These financial statements are audited on an annual basis and full audited accounts are provided to funders on an annual basis.

The current external auditors are:-

Mazars,

Chartered Accountants & Registered Auditors,

Harcourt Centre,

Block 3,

Harcourt Road,

Dublin 2.

The contract for the provision of auditing services is put out for tender periodically.

Our Community employment schemes are audited by:-

Grant Thornton,

Chartered Accountants and Registered Auditors,

24 -26 City Quay,

Dublin 2.

We are also subject to audits from funders upon request.

A copy of the latest published accounts can be found below:

2016

2015

2014

2013

2012

2011

2010

Copy of Crosscare's Constitution

Subcategories

The Joomla! content management system lets you create webpages of various types using extensions. There are 5 basic types of extensions: components, modules, templates, languages, and plugins. Your website includes the extensions you need to create a basic website in English, but thousands of additional extensions of all types are available. The Joomla! Extensions Directory is the largest directory of Joomla extensions.

Media ImageModules are small blocks of content that can be displayed in positions on a web page. The menus on this site are displayed in modules. The core of Joomla! includes 24 separate modules ranging from login to search to random images. Each module has a name that starts mod_ but when it displays it has a title. In the descriptions in this section, the titles are the same as the names.

Media ImageTemplates give your site its look and feel. They determine layout, colours, typefaces, graphics and other aspects of design that make your site unique. Your installation of Joomla comes prepackaged with three front end templates and two backend templates. Help

These are my photos from parks I have visited (I didn't take them, they are all from Wikimedia Commons).

This shows you how to make a simple image gallery using articles in com_content.

In each article put a thumbnail image before a "readmore" and the full size image after it. Set the article to Show Intro Text: Hide.



 

Contact Us

Holy Cross College,
Clonliffe Road,
Dublin 3,
Ireland.

Tel: 01 836 0011
Fax: 01 836 7166
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Follow Us